CERT-In Vulnerability Note
CIVN-2020-0410
Denial of Service Vulnerability in Cisco IOS XR Software
Original Issue Date: November 20, 2020
Severity Rating: HIGH
Software Affected
- Cisco IOS XR Software releases prior to 6.7.2 or 7.1.2
Overview
A vulnerability has been reported in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Description
A vulnerability exists in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers due to improper resource allocation when an affected device processes network traffic in software switching mode. An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device.
Successful exploitation of this vulnerability could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY
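To decide which routers need the update, the check below classifies saved `show version` output against the releases named under Software Affected. It is an added example, not part of the CERT-In note or Cisco's tooling; the sample device output, the per-train reading of "6.7.2 or 7.1.2", and the text patterns used to recognise IOS XR and ASR 9000 platforms are assumptions.

```python
import re

# Fixed releases, from the "Software Affected" line of this note.
# Assumption: 6.x releases are compared with 6.7.2 and 7.x releases with 7.1.2.
FIXED = {6: (6, 7, 2), 7: (7, 1, 2)}

# Assumption: the version banner and platform string look like this in saved output.
VERSION_RE = re.compile(r"Cisco IOS XR Software, Version (\d+)\.(\d+)\.(\d+)")
ASR9K_RE = re.compile(r"ASR[- ]?9(K|\d{3})", re.IGNORECASE)


def triage(show_version: str) -> str:
    """Classify one device from its saved `show version` text."""
    m = VERSION_RE.search(show_version)
    if not m:
        return "unknown"          # not IOS XR, or the output is truncated
    if not ASR9K_RE.search(show_version):
        return "not-applicable"   # the note covers ASR 9000 Series routers only
    version = tuple(int(part) for part in m.groups())
    if version[0] < min(FIXED):
        return "affected"         # older than every fixed release
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "check-advisory"   # train not named in the note; verify with the vendor
    return "affected" if version < fixed else "fixed"


def triage_inventory(outputs: dict) -> dict:
    """Map hostname -> classification for a batch of saved outputs."""
    return {host: triage(text) for host, text in outputs.items()}


# Constructed sample inventory (hostnames and output are made up for this example).
SAMPLES = {
    "edge-1": "Cisco IOS XR Software, Version 6.5.3[Default]\ncisco ASR9K Series processor",
    "edge-2": "Cisco IOS XR Software, Version 7.0.2\ncisco ASR9K () processor",
    "edge-3": "Cisco IOS XR Software, Version 7.1.2\ncisco ASR-9001 chassis",
    "core-1": "Cisco IOS XR Software, Version 6.5.3\ncisco NCS-5500 () processor",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLES).items():
        print(f"{host}: {status}")
```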
Vendor Information
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY
References
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY
CVE Name
CVE-2020-26070
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India